docs-graph
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The skill uses the Bash tool to execute
python3 scripts/graph.pyfor graph generation, querying, and verification. This constitutes execution of code not contained within the analyzed skill file. - Auto-Execution / Persistence (MEDIUM): The documentation promotes the use of PostToolUse hooks in
.claude/settings.local.jsonto automatically trigger the Python script whenever files in theplans/directory are modified. This creates a persistent trigger for code execution based on file system events. - Indirect Prompt Injection (LOW): The skill processes untrusted markdown content from the
plans/directory to build its knowledge graph. - Ingestion points: All markdown files within the
plans/directory and its subdirectories. - Boundary markers: None identified; the skill parses raw file content for
[[wikilinks]]patterns. - Capability inventory: Execution of local Python scripts via
python3, file system reading viaRead, and file discovery viaGlob. - Sanitization: No evidence of sanitization or escaping for data interpolated into the Mermaid diagrams or console output.
Audit Metadata